The General Services Administration’s (GSA) plans to develop an online marketplace to measure and monitor data protection efforts will need further development to prevent data misuse, the Government Accountability Office (GAO) said in a new report.
After a separate GAO report in 2018, GSA developed an online marketplace program to make it easier for Federal agencies to buy commercially available products, and began testing the program. Since then, 13 agencies have signed on as testers, and GSA has contracted with three online marketplace providers.
“The marketplace providers can see data about government purchasing and suppliers but aren’t allowed to use it for marketing, pricing, or other business purposes,” wrote GAO. “We found GSA’s plans to oversee data protection may not fully prevent data misuse.”
According to GAO’s findings, GSA has established initial metrics for measuring program implementation, but has yet to create a comprehensive plan with goals or clear time frames for assessing program progress.
“Establishing a comprehensive plan that outlines goals and time frames for each metric will better position GSA to measure if the program is being implemented successfully or if the program needs changes before it is ultimately expanded government-wide, as is the current plan,” wrote GAO.
Additionally, GSA has developed a plan to oversee each platform provider’s compliance with requirements to protect government and supplier data, however, areas of compliance were not addressed and some actions in the plan may not effectively prevent unauthorized activity, GAO said.
GAO made two recommendations for GSA, including establishing a plan with goals and time frames for measuring program implementation, and further developing its monitoring plan with specific actions to ensure platform providers are complying with data protection requirements. GSA agreed with both recommendations.